session protection

src/routes/calendarRoutes.ts

@@ -11,6 +11,7 @@ import {
 } from "../utils/constants";
 import User from "../models/user";
 import { terminPlanerRequest } from "../utils/terminPlaner";
+import { sessionProtection } from "../middleware/authMiddleware";
 
 router.get(
   "/auth/google",
@@ -103,15 +104,25 @@ router.get(
   }
 );
 
-router.get("/store", calendarController.GetStoreId);
-router.get("/settings", calendarController.GetCalendarSettings);
+router.get("/store", sessionProtection, calendarController.GetStoreId);
+router.get(
+  "/settings",
+  sessionProtection,
+  calendarController.GetCalendarSettings
+);
 router.post(
   "/settings/personal",
+  sessionProtection,
   calendarController.UpdatePersonalCalendarSettings
 );
-router.post("/settings/store", calendarController.UpdateStoreCalendarSettings);
+router.post(
+  "/settings/store",
+  sessionProtection,
+  calendarController.UpdateStoreCalendarSettings
+);
 router.post(
   "/settings/personal/unlink",
+  sessionProtection,
   calendarController.UnlinkGoogleCalendar
 );
 

src/routes/storeRoutes.ts

@@ -2,8 +2,9 @@ import express from "express";
 const router = express.Router();
 
 import * as storeController from "../controllers/storeController";
+import { sessionProtection } from "../middleware/authMiddleware";
 
-router.get("/:storeId", storeController.GetStore);
-router.post("/:storeId", storeController.UpdateStore);
+router.get("/:storeId", sessionProtection, storeController.GetStore);
+router.post("/:storeId", sessionProtection, storeController.UpdateStore);
 
 export default router;

src/routes/storeServicesRoutes.ts

@@ -2,23 +2,47 @@ import express from "express";
 const router = express.Router();
 
 import * as storeServicesController from "../controllers/storeServicesController";
+import { sessionProtection } from "../middleware/authMiddleware";
 
-router.get("/:storeId", storeServicesController.GetStoreServices);
-router.post("/service", storeServicesController.CreateStoreService);
-router.post("/update", storeServicesController.UpdateStoreService);
-router.post("/activity", storeServicesController.CreateStoreServiceActivity);
+router.get(
+  "/:storeId",
+  sessionProtection,
+  storeServicesController.GetStoreServices
+);
+router.post(
+  "/service",
+  sessionProtection,
+  storeServicesController.CreateStoreService
+);
+router.post(
+  "/update",
+  sessionProtection,
+  storeServicesController.UpdateStoreService
+);
+router.post(
+  "/activity",
+  sessionProtection,
+  storeServicesController.CreateStoreServiceActivity
+);
 router.get(
   "/activities/:storeId/:serviceId",
+  sessionProtection,
   storeServicesController.GetStoreServiceActivities
 );
 router.post(
   "/activity/update",
+  sessionProtection,
   storeServicesController.UpdateStoreServiceActivity
 );
 router.delete(
   "/activity/:activityId",
+  sessionProtection,
   storeServicesController.DeleteStoreServiceActivity
 );
-router.delete("/:serviceId", storeServicesController.DeleteStoreService);
+router.delete(
+  "/:serviceId",
+  sessionProtection,
+  storeServicesController.DeleteStoreService
+);
 
 export default router;

src/routes/usersRoutes.ts

@@ -2,10 +2,11 @@ import express from "express";
 const router = express.Router();
 
 import * as usersController from "../controllers/usersController";
+import { sessionProtection } from "../middleware/authMiddleware";
 
-router.post("/", usersController.AddEmployee);
-router.get("/:storeId", usersController.GetEmployees);
-router.post("/update", usersController.UpdateEmployee);
-router.delete("/", usersController.DeleteEmployee);
+router.post("/", sessionProtection, usersController.AddEmployee);
+router.get("/:storeId", sessionProtection, usersController.GetEmployees);
+router.post("/update", sessionProtection, usersController.UpdateEmployee);
+router.delete("/", sessionProtection, usersController.DeleteEmployee);
 
 export default router;